[OpenSIPS-Users] Client certificate validation
Adrian Georgescu
ag at ag-projects.com
Wed Sep 23 15:58:51 CEST 2009
I was at SIPIT last week and nobody could realize this scenario,
CounterPath included.
The idea is that, while having the server connect back to a client is
technically a valid call flow scenario, for all practical purposes
involved in a real-life deployment, servers should not attempt to
connect back to clients but the opposite: the clients should connect
to the server and keep the TLS connection alive by using outbound
techniques. The real issue is NAT; a server cannot initiate a TLS
connection back to a client if it is behind NAT.
--
Adrian
On Sep 23, 2009, at 3:45 PM, Fabio Spelta wrote:
>
> So you already know where the problem is.
>
> As I stated above, since all three clients I tried get that
> message, I suspected that it could perhaps be a server issue; but
> that was only a suspicion.
> The first suspicion was about the certificate itself, which is missing a
> URI:sip subjectAltName.
> Does anybody know if this is mandatory?
>
>
> By the way, where do you configure a client-side X.509 certificate
> in CounterPath's eyeBeam client?
>
> It gets the certificate from the Microsoft Windows keystore; in
> fact, the proper way to have it use client certificates is to
> install them in the operating system keystore.
>
> Just to ask, does anybody successfully use a client certificate for
> authentication?
> If so, I would love, if possible, to see a sample of a working
> client certificate, so as to triple-check it and see how it must be
> formatted.
>
> Thanks so much
> --
> Fabio